Axonius - Deploy Files and Run Shell Command on Windows Assets
  • 27 Mar 2024

Axonius - Deploy Files and Run Shell Command on Windows Assets deploys an optional list of selected files and runs a command line on each Windows device returned by the query.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

General Settings

  • Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
  • Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
  • Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
  • Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

  • Use stored credentials from the Active Directory adapter - Select this option to use the first connected Microsoft Active Directory (AD) adapter credentials.

Required Fields

These fields are required to run the Enforcement Action.

Note:

Even if you just want to deploy a file, you need to fill in the Command and Command name fields.

  • Command - Specify the command you want to run on the Windows device. Add a condition to the command to print the result into the Command name field. For example, "wmic computersystem get name" OR just "echo".

  • Command name - Specify the field name to be added to the device. If you set the Command field, then you must add a value to this field. This new field will be populated if a condition has been added in the command field.

  • Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Additional Fields

These fields are optional.

  • DNS Servers - Specify a comma-separated list of DNS servers to be used to resolve the hostnames in the saved query supplied as a trigger (or devices that have been selected in the asset table).

    • If supplied, Axonius will use the specified DNS server to resolve the devices' hostnames. For each asset, the first response will be the one to be used.
    • If not supplied or if no response has been received from any of the specified DNS servers, the default DNS server will be used.
  • Use NBNS - Use the NetBIOS Name Service protocol.

  • Max timeout for the created process - Set the maximum time (in seconds) for the created shell process to run before it is terminated.

  • Reset timer for each request in seconds - Set the maximum time for each WQL query to return a response.

  • Files to deploy - To deploy files on the device, use the following controls to upload one or more files:

    • 'Choose file' - to choose a file to upload.
    • '+' - to upload an additional file.
    • 'x' - to remove the uploaded file.
    NOTE
    The uploaded files are deployed to the c:\windows\axonius folder. If a file with the same name already exists there, it is overwritten by the newly uploaded file. Uploaded files are not automatically deleted.
  • Path to Remote Files - Enter the path to the remote files to deploy. Remote services can be: FTP, SFTP, SMB or URL.

  • Suppress NetBIOS name lookup - Do not use the NetBIOS name lookup.

  • Additional HTTP headers - Enter any additional HTTP headers.

  • HTTP proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  • HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  • Replace command variables with Axonius fields - You can use Axonius fields as values in command parameters in place of variables. For example, by creating a mapped field named "MY_FIELD", you can insert it into the command by adding the string "{AXONIUS_ATTRIBUTE:MY_FIELD}", using the keyword AXONIUS_ATTRIBUTE, where you want this value to be inserted. Each field must be enclosed in curly brackets to mark the beginning and end of the field name.

    For example, the field TOKEN is used in the following command:

    CsUninstallTool.exe MAINTENANCE_TOKEN={AXONIUS_ATTRIBUTE:TOKEN} /quiet
    

    See Axonius to External Field Mapping for more information.

  • Files Directory - Specify the directory to which the files uploaded by the Enforcement Action will be deployed.
  • Gateway Name - Select the gateway through which to connect to perform the action.
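
A pre-flight check for the "Replace command variables with Axonius fields" option, added here as an example and not Axonius code: it fills the `{AXONIUS_ATTRIBUTE:...}` placeholders described above and blocks field values that would change the command's meaning in cmd.exe. It assumes values are inserted verbatim (the page does not say how they are escaped); `render_checked`, `check_value` and the sample asset values are hypothetical.

```python
import re

# Placeholder syntax from the page: {AXONIUS_ATTRIBUTE:FIELD_NAME}
PLACEHOLDER = re.compile(r"\{AXONIUS_ATTRIBUTE:([^{}]+)\}")

# Characters cmd.exe treats specially (chaining, redirection, escaping,
# variable expansion, quoting). A conservative deny-list chosen for this example.
UNSAFE = set('&|<>^%!"')

# Command template from the page.
TEMPLATE = "CsUninstallTool.exe MAINTENANCE_TOKEN={AXONIUS_ATTRIBUTE:TOKEN} /quiet"

# Constructed sample field values per asset (not real data).
ASSETS = {
    "host-a": {"TOKEN": "0123abcd"},
    "host-b": {"TOKEN": "0123abcd & echo injected"},
    "host-c": {},
}


def check_value(name, value):
    """Return a problem string for one field value, or None if it is acceptable."""
    if not value:
        return f"{name}: no value on this asset"
    if any(ch in UNSAFE for ch in value):
        return f"{name}: contains a shell-special character"
    if any(ch.isspace() for ch in value):
        return f"{name}: contains whitespace and would split the argument"
    return None


def render_checked(template, fields):
    """Substitute values verbatim (assumed behaviour) after checking each one.

    Returns (command, problems); command is None when any check failed.
    """
    names = PLACEHOLDER.findall(template)
    problems = [p for p in (check_value(n, fields.get(n)) for n in names) if p]
    if problems:
        return None, problems
    return PLACEHOLDER.sub(lambda m: fields[m.group(1)], template), []


if __name__ == "__main__":
    for host, fields in ASSETS.items():
        command, problems = render_checked(TEMPLATE, fields)
        print(host, "OK " + command if command else "BLOCKED " + "; ".join(problems))
```

Running the same check over an export of the mapped field for every asset in the query shows which devices would receive a malformed command before the Enforcement Set is enabled.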

Connection Parameters

If Use stored credentials from the Active Directory adapter is disabled, these fields are required.

  • User name and Password - Provide the user name and password used to connect to the Windows device and execute the command.

Required Ports

The following ports should be opened:

  • 135 RPC
  • 445 SMB
  • Random port in the range: 1024-65535

For more details about other Enforcement Actions available, see Action Library.

